Thank You Sponsors!

AVENSYS.COM

CANCOPPAS.COM

DAVISCONTROLS.COM

ENDRESS.COM

EVERESTAUTOMATION.COM

FRANKLINEMPIRE.COM

HCS77.COM

MAC-WELD.COM

PEP-PETRO.COM

SPSSALES.COM

SRPCONTROL.COM

SUMMIT-INSTRUMENT.COM

WESTECH-IND.COM

VERONICS.COM

WAJAX.COM

WIKA.CA

Cybersecurity is a Vital Automation Industry Workforce Issue

The post Cybersecurity is a Vital Automation Industry Workforce Issue first appeared on the ISA Interchange blog site.

This excerpt from InTech magazine was written by Peggie Ward Koon, Ph.D., 2015 chair of the Automation Federation and 2014 president of ISA | @peggiek

One of my favorite shows is NCIS Los Angeles. Every Monday night I sit in front of the tube to see what type of threat agents Callen, Deeks, Kensi, Sam, Nell, and Eric will encounter. Usually these episodes are all about crimes being investigated, either inthumb-drive-hacked the U.S. or at some remote place around the globe, by a fictional team of the Naval Criminal Investigative Service (NCIS). And these agents intervene to either mitigate or eliminate the threats. One of the most interesting episodes aired during the holidays and was entitled “Humbug.” The story began with the team investigating a case that at first glance appeared to be about a fire that was deliberately started in the server room of a cybersecurity company, See Bug Systems. See Bug Systems developed software to protect companies from cyberattacks. The company also produced malware that it used to test its software. And the owner of the company was being asked by the U.S. government to help prevent cyberattacks against U.S. mission-critical systems.

As the plot unfolds, the NCIS agents realize that the arsonists used the fire in the computer room as a diversion; the real threat is a file that was copied from the servers to a thumb drive. Eric explains that the thumb drive contains malware that can be used to shut down programmable logic controllers used in automation. This particular malware could be used to shut down electric power plants. And Sam explains that if the file got into the wrong hands, it would be disastrous. The file would allow its owners to shut down communications and electric power, resulting in no heat, no lights, and no electrical power—across the entire country.

When asked how this happened at a company that sells cybersecurity software, the owner said that a new security system was scheduled to be installed after Christmas. Of course there were many other twists and turns in the story, including the use of other malware to divert funds to a secret corporate account. There was deception, fraud, murder, and all the typical components of a classic episode of NCIS LA.

I really related to this episode for several reasons. First, it was all about cybersecurity—one of the hottest topics today. You can hardly watch, listen to, or read the news without encountering a story about cyberthreats. From the famous Sony Pictures hackers threat to identity theft at department stores and banks—cybersecurity is being discussed everywhere.

Second, it was about automation. More often than not, the cybersecurity discussion is focused on preventing threats related to identity theft, confidentiality, finances, intellectual property, or other types of enterprise data, information, or assets. But if you attend an automation seminar, participate in an automation webinar, or attend any conference on manufacturing, automation, or operational information technology (IT), a cybersecurity discussion or presentation is sure to be included as one of the tracks on the schedule. Cybersecurity is needed in automation, too!

Now I know that there is a plethora of television shows and movies focused on cybersecurity and cyberthreats. But this NCIS story is not just a story about cybersecurity, deception, fraud, and personal security breaches. In the NCIS Los Angeles episode, a fictitious company—like so many real companies—is not secure, because it failed to either identify and/or address both infrastructure and technology vulnerabilities. The episode raises awareness of a different type of cybersecurity—the type that addresses a threat to our nation’s mission-critical infrastructure—a threat that is real.

Finally, the episode highlights the need for automation companies that provide critical services—IT, power, food and pharmaceuticals, water and utilities, manufacturing, chemical, oil and gas, and others—to not only have secure systems and components, but also to have a workforce that has been trained to detect and deter cyberattacks affecting mission-critical operations.

Click here to continue reading Peggie Ward Koon’s article at InTech magazine.

About the Author
Peggie Koon_2

Peggie W. Koon, Ph.D., is the CEO and Founder of Leading Change, LLC, a leadership coaching and consulting firm.  She is the 2015 chair of the Automation Federation, the 2014 president of ISA, and the former vice president of audience at the Augusta Chronicle and Chronicle Media, a division of Morris Publishing Group, Morris Communications.
Connect with Peggie:
48x48-linkedinEmailTwitter

 

Source: ISA News